package com.jas.agent.licence;

import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import sun.security.x509.X500Name;

import java.math.BigInteger;
import java.security.*;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Date;

/**
 *
 *
 * @packageName: com.jas.agent.licence
 * @className: XaCertificateGen
 * @author: yanyuhui y568821795@outlook.com
 * @date: 2024-10-29 10:54
 * @description: 证书生成
 */
public class XaCertificateGen {


    static {
        Security.addProvider(new BouncyCastleProvider());
    }

    public static void main(String[] args) throws Exception {
        KeyPair keyPair = generateRSAKeyPair();
        PrivateKey caPrivateKey = keyPair.getPrivate();
        PublicKey caPublicKey = keyPair.getPublic();

        X509Certificate certificate = generateCertificate(caPrivateKey, caPublicKey);

        saveKeyToFile("ca.key", caPrivateKey);
        saveCertificateToFile("ca.crt", certificate);
    }

    private static KeyPair generateRSAKeyPair() throws NoSuchAlgorithmException {
        KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
        generator.initialize(4096, new SecureRandom());
        return generator.generateKeyPair();
    }

    private static X509Certificate generateCertificate(PrivateKey issuerPrivateKey, PublicKey issuerPublicKey) throws Exception {
        long now = System.currentTimeMillis();
        Date notBefore = new Date(now - 24 * 60 * 60 * 1000); // yesterday
        Date notAfter = new Date(now + 10 * 365 * 24 * 60 * 60 * 1000); // ten years later
        X500Name issuerName = new X500Name("CN=JetProfile CA");
        X500Name subjectName = new X500Name("CN=Novice-from-2024-01-19");

        BigInteger serialNumber = new BigInteger(64, new SecureRandom());

        X509v3CertificateBuilder certificateBuilder = new JcaX509v3CertificateBuilder(
                issuerName.asX500Principal(), serialNumber, notBefore, notAfter, subjectName.asX500Principal(), issuerPublicKey);

        ContentSigner contentSigner = new JcaContentSignerBuilder("SHA256WithRSAEncryption").build(issuerPrivateKey);

        return new JcaX509CertificateConverter().setProvider("BC").getCertificate(certificateBuilder.build(contentSigner));
    }

    private static void saveKeyToFile(String filename, Key key) throws Exception {
        byte[] keyBytes = key.getEncoded();
        try (java.io.FileOutputStream fos = new java.io.FileOutputStream(filename)) {
            fos.write(keyBytes);
        }
    }

    private static void saveCertificateToFile(String filename, Certificate certificate) throws Exception {
        byte[] certBytes = certificate.getEncoded();
        try (java.io.FileOutputStream fos = new java.io.FileOutputStream(filename)) {
            fos.write(certBytes);
        }
    }

}
